Updating Free Software in the Enterprise?
wallykeyster asks: "I'm an IT Director for a small private university in the U.S., and we are largely a Microsoft shop. We pay over $15,000 each year for our Campus Agreement so that we can upgrade the desktop OS to our version of choice, run Office, and have some Client Access Licenses. I would like to move to FOSS solutions, but I'm having trouble finding support for Enterprise management. For example, OpenOffice and Firefox (both of which I use personally) would be easy first steps, but IE is updated automatically via our SUS server (and settings pushed to clients via group policies) and Office updates will be included soon. How are other larger organizations (i.e. more than 200 desktops) dealing with software deployment and updates? Is anyone using Zen with Novell Desktop Linux?"
Easy... (Score:5, Informative)
0 3 * * *
Re:Easy... (Score:3, Informative)
You handle user settings with networked home directories and dot-files, which you can script modifications to if you so desire.
Re:Easy... (Score:2)
Re:Easy... (Score:4, Informative)
Re:Easy... (Score:5, Informative)
He does mention starting with the easy ones.
How do you perform a Windows based rollout, and make sure your settings are updated.
Is there possibly a portion of the group policy which would run an msi/executable update?
Re:Easy... (Score:5, Interesting)
I'm looking for help doing this in smaller steps without losing enterprise-level management I have with SUS, group policies, etc.
PSPP (Score:3, Informative)
Better to help fund or contribute work toward the programming of PSPP [gnu.org], a free software replacement for SPSS. The questioner did ask specifically about free software.
Re:How good is SUS? (Score:3, Funny)
Re:Easy... (Score:2)
I'd imagine that you can set a script/batch file to run at logon, and just put whatever you need in that.
(That is, I *know* you can specify a logon batch script, just not whether or not that can be enforced or pushed out via group policy)
Re:Easy... (Score:3, Informative)
Re:Easy... (Score:3, Insightful)
Re:Easy... (Score:5, Informative)
Run a local Debian package repository, only put updates you want in it, point your system's sources.list at the local repository, and add the following to the crontab for every system you deploy:
That's good for professor and permanent student workstations. But for lab machines, what you want is systemimager. I used to admin a lab as an undergrad and it was great. I had two "golden clients" from which came the two images I used. Then if a machine got messed up or if I did an update of some kind, I just told all the machines to reboot and grab their new images from the server. It also supports letting you specify certain parts of the directory to not send and/or receive. All in all, a very powerful piece of software.
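The setup quoted in the comment above (a curated local Debian repository, every machine's sources.list pointed at it, a nightly cron job) only holds if no machine quietly gains a second source. As an added example that is not part of the thread, this shell function audits a sources file before the upgrade runs; the mirror name apt.campus.example, the script path in the cron comment and the apt-get invocation are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Audits one-line-style APT source entries
# so a cron-driven upgrade only ever pulls from the curated local repository.
# APPROVED_HOST is a hypothetical internal mirror name; set it to your own.
APPROVED_HOST="${APPROVED_HOST:-apt.campus.example}"

# audit_sources FILE   (FILE may be "-" for stdin)
# Prints one finding per offending line as "line N: reason: text".
# Returns 0 when every active entry points at APPROVED_HOST, 1 otherwise.
audit_sources() {
    awk -v want="$APPROVED_HOST" '
    function finding(msg) { printf "line %d: %s: %s\n", NR, msg, $0; bad = 1 }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    $1 != "deb" && $1 != "deb-src" { finding("unrecognised entry type"); next }
    {
        i = 2; opts = ""
        if ($2 ~ /^\[/) {                        # optional [key=value ...] block
            for (; i <= NF; i++) {
                opts = opts " " $i
                if ($i ~ /\]$/) { i++; break }
            }
        }
        # trusted=yes tells apt to skip signature verification for this source
        if (tolower(opts) ~ /trusted=yes/)
            finding("signature check disabled (trusted=yes)")
        host = tolower($i)
        if (host !~ /^[a-z][a-z0-9+.-]*:\/\//) {  # file:, cdrom:, missing URI
            finding("no network host in URI"); next
        }
        sub(/^[a-z][a-z0-9+.-]*:\/\//, "", host)  # drop scheme
        sub(/\/.*$/, "", host)                    # drop path
        sub(/^.*@/, "", host)                     # drop user:password@
        sub(/:[0-9]+$/, "", host)                 # drop port
        if (host != tolower(want))
            finding("repository host " host " is not " want)
    }
    END { exit bad + 0 }
    ' "${1:-/etc/apt/sources.list}"
}

# guarded_upgrade: what the nightly cron entry would call instead of apt-get
# directly, e.g. "0 3 * * * /usr/local/sbin/guarded-upgrade" (path assumed).
guarded_upgrade() {
    rc=0
    for f in /etc/apt/sources.list /etc/apt/sources.list.d/*.list; do
        [ -e "$f" ] || continue
        audit_sources "$f" || rc=1
    done
    [ "$rc" -eq 0 ] || { echo "source audit failed, not upgrading" >&2; return 1; }
    apt-get -q update && apt-get -q -y upgrade
}

# Constructed sample input, not taken from any real host.
sample_sources() {
cat <<'EOF'
# campus workstation sources
deb http://apt.campus.example/debian stable main
deb [arch=i386 trusted=yes] http://apt.campus.example/local stable main
deb http://ftp.debian.org/debian stable main contrib
deb-src http://APT.campus.example:8080/debian stable main
EOF
}

# Stand-alone run: show the findings for the constructed sample.
sample_sources | audit_sources - || echo "sample: not compliant, upgrade would be refused"
```

Run from the same cron entry that performs the upgrade, a non-zero return leaves the machine unpatched but visible in cron mail rather than silently pulling from an unreviewed source.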
Re:Easy... (Score:5, Interesting)
Just my $0.02 from a fellow sysadmin who has left imaging and never looked back!
DaGoodBoy
Re:Easy... (Score:3, Interesting)
Thin Clients. Search Newsforge for how Largo, FL set up the whole town's IT on Linux thin clients.
Lock down. Edit permissions and/or wipe the home directory on logout and rebuild from
Build a Knoppix disk. but more of pain to make it so that say remote printers work, but on modern machines that only need limited functionality like saw web and a Office Suite, Knoppix will run acceptabl
Re:Easy... (Score:3, Informative)
rpm upgrade (Score:2, Informative)
Re:rpm upgrade (Score:5, Funny)
At least tell him to find his favorite geek to explain it to him...
Re:rpm upgrade (Score:5, Funny)
Re:rpm upgrade (Score:2)
Give up already! (Score:5, Funny)
small colleges (Score:2, Interesting)
We have approximately 550 PC's on two completely different
Re:small colleges (Score:3, Insightful)
Do you have classes (in either IT, CS, MIS, or similar) that claim to teach real-world skills? If so, a project to automate such an effort would be a wonderful class project for you guys to undertake.
Even if the class isn't about IT, this project can be used as a case study - for example, a class about software methodologies and s
Re:small colleges (Score:2, Interesting)
By hand?
I'm the IT Manager (nice job title for the only computer guy at the company) at a small print company (less than 50 PC's) and I simply use SUS on an old (OLD server 200MHz Pentium 1 MMX machine) to select updates that I think are needed and apply them to the windows machines.
SUS is a free download from Microsoft. The downside to it at the moment is that it's Windows 2000/XP/2003 only at the moment. I hear MS is adding the ability to apply Office updates through it too in v2.
Re:small colleges (Score:4, Informative)
Updating Free Software in the Enterprise? (Score:2, Funny)
We use Altiris (Score:3, Interesting)
Re:We use Altiris (Score:2)
Is anyone repackaging FOSS for distribution? (Score:3, Interesting)
Re:Is anyone repackaging FOSS for distribution? (Score:2)
It's Just Another Package as far as all that stuff is concerned.
Re:Is anyone repackaging FOSS for distribution? (Score:5, Informative)
MakeMSI [labyrinth.net.au] is a good tool for rolling your own, though it's best if you have some knowledge of how the tables work. Often I'll use Orca to tweak/double check things.
Firefox was a bit of a pain to package the first time because of all the subdirs, but it's really light on the registry keys and for updates it's mostly a matter of just dropping in the new files.
Re:Is anyone repackaging FOSS for distribution? (Score:2)
PDFCreator was the worst of the bunch since I'm morally opposed to just wrapping installers and want a real MSI. I ended up having to write a custom DLL to install the printer driver as the MSI format doesn't include any provisions for that.
$15,000 a year... (Score:5, Funny)
OK.. there are better ways, but at least the money is not going to the Evil Empire.
Re:$15,000 a year... (Score:2, Insightful)
It was awful, and I will never do it again. I ended up spending all my time fixing stupid mistakes, and it was more work than just doing it myself. Especially since the ultimate solution was to convert to linux, and set up a server to dish out rpm's and schedule updates via crontabs.
Re:$15,000 a year... (Score:3, Insightful)
When I started my latest academic sysadmin job, we were talking about hiring a couple of students, as that's what they'd always done in the past. I kept putting it off because the systems were so screwed up that I had to spend a huge amount of time trying to figure out what kind of crack people had been smoking when they set them up and didn't have the time or energy to train anyone.
In the end, we bought a brand-new server (we needed the disk space, anyway) that I set up from scratch. I migrated the dat
Re:$15,000 a year... (Score:4, Insightful)
Re:$15,000 a year... (Score:2)
Re:$15,000 a year... (Score:4, Interesting)
Computers are just a tool. They help people get work done more quickly in all manners and fashions. They are also a wonderful tool for teaching - both specifics and general concepts. One of the excellent skills which will be gained by giving students the task of installing/updating/upgrading machines - and not just CS/IT students, though I'm sure many of them could use the hands-on experience as well - is that it will help them conceptually visualize abstract structures. This is basic common sense. If people can recognize abstract structures and work within these confines, they can then apply this information applicably in the rest of their life. They'll learn how to be more organized and more systematic in their every-day approach, potentially making them better citizens and employees in their future lives.
This is very, very good advice, not "funny".
Now, granted, this would probably end up with many lab systems unfunctional for a good period of time, but that might just get them to work more diligently on getting the systems up and running.
Re:$15,000 a year... (Score:2)
Stand *nix tools (Score:3, Informative)
Network. (Score:5, Informative)
Re:Network. (Score:2)
It scales better if you (a) automount the remote filesystems, and (b) use in conjunction with cachefs.
If you notice performance problems, you may elect to deploy a set of workgroup servers, or you may find it worth the effort to switch to something
Network filesystems, yes. NFS mount /usr/*LOCAL*? (Score:4, Informative)
If you want to learn how to scale unix systems management a good start is infrastructures.org. You don't have to follow their ideas slavishly but it'll get you into the right mindset, and that's what matters.
Keeping Unix boxes up to date is simple once you understand how, the effort required to manage 1000 machines is only marginally more than 100 which is only marginally more than required for 10.
At $15,000 a year...... (Score:3, Insightful)
Re:At $15,000 a year...... (Score:3, Informative)
Re:At $15,000 a year...... (Score:3, Interesting)
How in the hell could that happen? If you change slow, and with those users who WANT the change, it could go smooth.
Re:At $15,000 a year...... (Score:3, Insightful)
This could be cheaper than $15,000.
Re:At $15,000 a year...... (Score:3, Insightful)
That's SUS, Goober. (Score:4, Informative)
The SUS server, free from Microsoft, automatically downloads all of the updates from Microsoft's Windows Update server and stores them on a local server. The administrator, one only, then reviews the downloaded patches and authorizes which ones he wants to be installed on the workstations. Using Group Policies, the administrator reconfigures the Automatic Update service on all of the Windows 2000 or greater systems on his network and points it at the SUS server, rather than the default Windows Update site. The next morning, ALL SPECIFIED systems have been updated.
It only needs ONE FRIGGING GUY to manage 10 machines or 50,000 machines and he doesn't have to leave his desk! The entire setup from start to finish can be setup and configured in an hour or less.
Now, the next level is to do this with applications beyond the Windows Operating system. But, hey, they have solutions for that too. Microsoft Operations Manager(MOM) and Microsoft Systems Management Server(SMS) provide complete management control over the Windows systems on the network. MOM is for smaller scale operations while SMS is the full on enterprise package. No, they aren't free but, organizations that require them can easily afford them.
Re:At $15,000 a year...... (Score:3, Insightful)
Re:At $15,000 a year...... (Score:3, Informative)
Migrating may cost some money upfront but the software would be free, and will continue to be free. Chances are there is a budget for major projects, upgrades etc.
Also it is well known that Linux/Unix systems are much cheaper per server/per machine to administer. One study I believe quoted approx. 1 admin to 30 machin
Re:At $15,000 a year...... (Score:3, Insightful)
(I've done it for a small office, and it wasn't pretty. None of the corporate standards switched, so every time we opened an old document, the formatting was toast. Trivial, though annoying, for you and me, but "the world is coming to an end"-level crisis for older, entrenched, barely-computer-literate secretaries. And, no, you can't just fire them all - t
Re:At $15,000 a year...... (Score:3, Insightful)
It would be at least a few years and many hours of downtime before they would see any of that money recouped. As someone who has sat down and done an actual cost analysis, I can tell you, it's not cheap to switch to something that's "free" (beer).
cfengine (Score:4, Informative)
However, we used to automate updates, apply system patches and rebuild the world if necessary. With about 5 lines changed to a single server, I could force all the workstations to re-install themselves overnight.
We also used this system to push out passwd file updates (poor-man's centralized auth).
http://www.cfengine.org/ [cfengine.org]
Zenworks for Linux/RedCarpet (Score:5, Interesting)
Re:Zenworks for Linux/RedCarpet (Score:4, Informative)
Re:Zenworks for Linux/RedCarpet (Score:3, Insightful)
W0t? (Score:2)
Seriously, why would anyone *doubt* that delivering software is much better than linux? If there's something wrong in windows, is software packaging and delivery. Did you realize how you 3rd party programs don't have methods to update automatically? (hell, lots of programs even need to be uninstalled by hand before installing the new version, no "upgrade" support)
In Linux, you have things like APT. With APT, you can upda
Same boat (Score:5, Insightful)
Re:Same boat (Score:2)
Unzip firefox to some network drive.
Create shortcuts on desktops to f:\apps\firefox
That's it right? Firefox keeps profile information on the users profile so no problem there. When the time comes to upgrade just unzip the new firefox on top of the old one and you are done.
Can anybody think of why this would not work?
Re:Same boat (Score:2, Insightful)
Re:Same boat (Score:5, Insightful)
It sounds like a Windows Server Administrator Template Policy would go a long way towards Firefox acceptance in corporate environments. You'd need some kind of plugin for Firefox that makes it read values from the Windows registry, as well.
Alternatively, a Firefox plugin could read the Group Policy restrictions targeted at IE, and "translate" them internally to the Firefox equivalents, but such a solution would be a sloppy hack at best.
Re:Same boat (Score:3, Informative)
Sadly, there isn't a perfect answer - yet. The Mozilla wiki covers this problem in more detail here [mozilla.org].
Firefox ADM partially covers this ground - here [ed.ac.uk].
There's another tool similar to Firefox ADM, but I can't find info on it at the moment.
Summary: Firefox is almost there, but in most enterprise situations,
Solutions... (Score:2)
Unsure from your post... (Score:2)
If Linux, then follow the advice of the poster who told you to use Debian -- its package management is, IMNSHO, The Best, Ever! (tm) for Unix. If you can't go with Debian, then look at using rsync. We use that here (maybe 50 FreeBSD workstations and servers), and it's great: add stuff to The One True Machine and it shows up the next morning. We synchronize the usual suspects this way: /usr/local, /usr/X11R6.
If Windows...well, I pre
Re:Unsure from your post... (Score:2)
Re:Unsure from your post... (Score:3, Informative)
As I mentioned, you need a silent install. For F., there's different ways to do that:
I've tested the first and last w/o any problems.
Totally obvious (Score:2, Insightful)
Pay 45K per year to hire someone to manage a homegrown house of cards "solution" based on rsync, rpm, apt-get, crontabs and other such industry stalwarts.
I think the choice is clear!
Re:Totally obvious (Score:3, Insightful)
While I agree that the 3X differential in cost may be too high for this person's institution just to migrate, the "house of cards" comment is laughable. Centralized software management has been done successfully for years on *nix platforms and is done for a much lower cost than what you cite in your comments.
But we also manage large *nix server farms f
Re:Totally obvious (Score:3, Insightful)
Yes, that can be problematic. That is why someone considering converting would want to pick a distro and be consistent.
If you are honest in your assessment, though, you will concede that Microsoft updates often break apps that have been created by customers. We often experience a lag time in deploying Access when Office upgrades come out due to the
Re:Totally obvious (Score:2)
While I would agree that someone managing a system based on *nix with experienced admins would probably be easier, it is not necessarily the case that it is easier for everyone. If the person in the original article has no experience with *nix at all it will take them considerable effort and time to make the change to an open source environment.
I would think very carefully (Score:2)
Please think also "free software on WINDOWS"!!! (Score:3, Insightful)
The question is most probably about updating free software on Windows desktops!
Re:Please think also "free software on WINDOWS"!!! (Score:2)
http://www.novell.com/products/zenworks/quicklook
$15,000 for 200+ Desktops (Score:2)
I think everyone misunderstood what is being asked (Score:2)
Re:I think everyone misunderstood what is being as (Score:2)
If I get something outside of the RHN update inventory, I have to update it myself.
That would be no different in a Microsoft environment.
Zenworks 7 (Score:5, Informative)
Firefox & GPedit & firefox.msi (Score:2, Informative)
http://sourceforge.net/projects/firefoxadm [sourceforge.net]
Unofficial Firefox MSI builds can be found at
http://www.frontmotion.com/Firefox/ [frontmotion.com]
Official Firefox MSI installers will be available in the 1.1 release; nightly MSI builds can be found at http://ftp.mozilla.org/pub/mozilla.org/firefox/nig h [mozilla.org]
Google is your friend (Score:5, Informative)
This website [frontmotion.com] has downloadable MSI packages that will integrate Firefox into AD and GPO, as well as a howto.
This thread [oooforum.org] will show you how to do the same for OO.o, but only for the 2.0 beta version.
I know about Zen (Score:2)
> Is anyone using Zen with Novell Desktop Linux?
Yes, I am. What I can say is that Zen on Linux, is kind-of slow, not as agile and feature rich as its Windows counterpart. All in all, it provides a good first step since improvements will always be done.
I assume you're still using MSFT desktops. (Score:2)
I know that my last two assignments have been large organizations and both have used SMS.
I read "Updating Free Software on the Enterpise" (Score:2, Interesting)
Updates (Score:2)
This is only really a question in the Microsoft world. In the Unix world it's old hat. Possibilities:
ZenWorks (Score:2)
Not only it lets you automatically update software (other posts have pointed out that you can trivially do this in Debian-based distributions with a cron job) but it will also help you easily define default settings for each application and group of users.
Disclaimer: I work at Novell.
There is python... (Score:2)
Firefox MSI (Score:2)
The same way it has always been done... (Score:3, Insightful)
Nowadays, with RPM and DEB package managers, you also have the option to put all packages on a central FTP server and then schedule an update using the native update utility eg. apt, rpm or urpmi.
So, my reaction to anyone claiming that there is 'no support' for Unix, or that Unix is 'hard to manage' or that Unix 'doesn't have enterprise tools' is one of incredulity - like where have you been the past 500 years, man??? Sleeping???
Keeping Systems Updated (Score:2)
Debian uses apt-get, which can be scripted to feed off a (group of) particular server(s). I don't use Debian, so I can't speak specifically to its strengths and weaknesses, but I'm sure someone else will.
Fedora/Red Hat systems have RPM and yum, both of which are network aware (Though no one uses the network functionality in RPM that I can find). I have smaller networks (40 machines in one, and 12 machines in another) that feed off of one yum server, which is a box tha
Does no one use XCOPY anymore? (Score:2)
Just because this won't work for spectacularly ill designed applications such as the likes of internet explorer doesn't mean you should become a drooling idiot if an app doesn't come with an MSI or a SUS server.
I mean fer cryin out loud, on most well-m
Stick with Windows (Score:3, Insightful)
Re:Stick with Windows (Score:2)
You are getting a great deal.
huh? (Score:2)
This question was very poorly phrased, as it's not easy to tell if the goal is to go entirely FOSS for OS and applications, or just for some applications and leaving the underlying MS Windows platform in place.
Unattended (Score:3, Informative)
This is a great way to script installation of windows machines. You can put any applications you want into the system and use it to push machine upgrades out.
Use cfengine (Score:4, Informative)
Since it's impossible to reason about security except with respect to a given configuration, this is a subject which deserves close attention, especially at larger sites where economies of scale are most effective.
Mark Burgess at the University of Oslo developed a mechanism called cfengine [cfengine.org] as a solution to the configuration management problem. It's multiplatform, mature, stable, comprehensive, secure, and it scales very well. I recommend it.
Re:Use cfengine (Score:3, Informative)
(But once you get your head around the weirdness, quite capable - although I only concur with the recommendation due to a dearth of alternative options.)
ZENworks Linux Management (Score:3, Interesting)
Key things - this is not just software distribution anymore - it's full stack management of Linux - server and workstation; Red Hat as well as SuSE/Novell.
As for customers - yes it's in use; yes Novell use it internally to manage their desktop and server machines. Usual disclaimers.
Mozilla Foundation has management tools (Score:3, Informative)
http://mozillazine.org/talkback.html?article=6602
It would be very helpful if they would release them, even in some incomplete, unsupported state.
Repackage Updates as MSI (Score:3, Informative)
There are many softwares available that can repackage an install as an MSI. You can then repackage your updates to Firefox, etc and apply using Group Policy as you are used to. There are even some OS efforts (http://msi-repackaging.sourceforge.net/ [sourceforge.net])
I hope that you don't let software distribution be a stickler here. The benefits to rolling out Firefox, etc are many.
Automated Deployment of Firefox / OO.org (Score:3, Informative)
In case the question was about using FOSS on a Windows network (for the time being), the following might help.
This tool is fairly useful for deploying Firefox on a network:
http://firefox.dbltree.com/ [dbltree.com]
As for OpenOffice, I use central network location, see the setup guide (I think you have to run setup.exe with the -net option). I'm not sure what must be done from there to automate installation, we usually do it manually because Workstation installs of OOo (from a central network location) take seconds.
As for the question of whether the MS deal was a "good value". First, let me say that there's more to "value" than cost. Also realize that $50000 per year might be cheaper than MS's $15000. Once you figure in MSCE training for an IT team and the increased labor it takes to run a Windows network you might be surprised. Believe me, once configured, Linux machines can be dead reliable and reimaged lightning fast, I do it for a living. That said, Firefox has saved me 8 hours per week at one client that only has 10 computers.
Well, ask your purchasing department how many suppliers it has for, say, light bulbs. While more than a few places say "just one", I find universities in particular tend to have four or five suppliers solely for the purpose of leveraging one against the other for good pricing.
What's the point of my story? The point is that MS as a single supplier means you will pay as much as they want you to. Of course it will always be "a little cheaper". In a software world with real competition, that will change.
Regardless, it's worth pointing out that increasingly it is the case that people are choosing FOSS for reasons other than price:
http://www.groklaw.net/article.php?story=20050426
BigFix? (Score:3, Informative)
If you are on a small budget, you can just go with simple scripting. Pick a Debian based distro or an RPM based one (SuSE or RedHat only) and you can script all you need. Enable SSH for every system you deploy, desktop and server. Then you just write a few simple scripts _once_ and you can push down any update you need.
Red Hat has their own update stuff and you can pay them extra and run your own update server on your local network. However, where I work we have found Red Hat to be _way_, _way_ overpriced (I work for a multi-billion fortune 500). We are starting to look toward Novell SuSE for our Linux needs. Novell SuSE is _way_ better priced. If you look at a Red Hat Linux solution and an MS Windows Solution, MS will usually be less expensive! I personally don't know what Red Hat is thinking. However, if you go with Novell SuSE, you will see that Novell SuSE is far less expensive than MS. Also, Novell SuSE has some very nice tech that they got from Ximian. As you pointed out, Ximian, now Novell, Red Carpet, is a very nice corporate update client. That is the whole design of the product. You have one local update server and put the client on all your deployed systems and Novell Redcarpet handles the rest.
With Linux you have tons of options. If you have a really bare-bones budget, I would personally recommend a nice Debian solution. I have been using Ubuntu [ubuntulinux.org] on my desktops at work and at home and have been very pleased with how easy it is to upgrade without dependency problems. I originally used Fedora Core, however I would run into repository conflicts often because every Fedora repository out there tried to be "The" repository for Fedora. So you would have 3 or 4 versions of every package and they would all conflict. You won't run into that with a Debian based distro.
If you have a bigger budget, look into Novell SuSE (which is still very cheap) and their Red Carpet client/server to handle updates. If your budget is even bigger, you can look into BigFix. However, I think BigFix is priced more as a bigger corporate product, though for our budget, BigFix was still priced nicely per/client.
As I said, you have _tons_ of options with a GNU/Linux deployment. Build yourself a separate subnet and spend a few days testing to see what level of support you want. Obviously, the less support you or your staff want to do, the more you will pay for your solution. You could spend 10's of thousands if not 100's of thousands (or millions like us) for a complete MS software "assurance" package or you can go very low-level and build your own GNU/Linux system like Linux From Scratch [linuxfromscratch.org] (which was very fun for a personal project but _way_ too much work for a professional solution for more than 5 systems).
I personally think your best bet is a hybrid system of Linux and MS Windows. As I said, get a test lab/network. Then use the right tool for the right job. Try to build a lab that is all or almost all Linux servers with mostly MS Windows XP desktops. On your MS Windows desktops try to use OSS software. For example, deploy Firefox and OOo.org. Maybe for some more tech users you could even get some Linux desktops in that mix. For your development needs, use OSS tech such as Tomcat or PHP.
Honestly, I would personally love to be in your position. It sounds like you have the ability to use the "right tool for the right job" without all the PHB crap or extreme OS bias. Where I work we have 140,000 employees and changing technology is like the changing of the North pole ; )